1 research outputs found
Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact
Containerization allows bundling applications and their dependencies into a
single image. The containerization framework Docker eases the use of this
concept and enables sharing images publicly, gaining high momentum. However, it
can lead to users creating and sharing images that include private keys or API
secrets-either by mistake or out of negligence. This leakage impairs the
creator's security and that of everyone using the image. Yet, the extent of
this practice and how to counteract it remains unclear.
In this paper, we analyze 337,171 images from Docker Hub and 8,076 other
private registries unveiling that 8.5% of images indeed include secrets.
Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both
opening a large attack surface, i.e., putting authentication and
confidentiality of privacy-sensitive data at stake and even allow active
attacks. We further document that those leaked keys are used in the wild: While
we discovered 1,060 certificates relying on compromised keys being issued by
public certificate authorities, based on further active Internet measurements,
we find 275,269 TLS and SSH hosts using leaked private keys for authentication.
To counteract this issue, we discuss how our methodology can be used to prevent
secret leakage and reuse.Comment: 15 pages, 7 figure